3 - Command Set
DynaPro Mini| PIN Encryption Device | Programmer’s Manual (Commands)
Page 77 of 128 (
D99875629-43
)
3.6.3.2.2
SRED ARQC Request (SRED Only, MAC-MSR)
On SRED devices, the device sends ARQC messages using
Report 0x29 - Send Big Block Data to Host
with a message structured like the example below. The host may also customize the contents of the
messages using tag DFDF02.
For details about using the general F9 MAC structure, see section
3.3 About Message Authentication
Codes (“MAC-AMK” or “MAC-MSR”)
. Information specific to this message is provided after the
example.
AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */
F9<len> /* container for MAC structure and generic data */
DFDF54(MAC KSN)<len><val>
DFDF55(MAC Encryption Type)<len><val>
DFDF25(IFD Serial Number)<len><val>
FA<len>/* container for generic data */
70<len> /*container for ARQC */
DFDF53<len><value> /*fallback indicator */
5F20<len><value> /*cardholder name */
5F30<len><value> /*service code */
DFDF4D<len><value> /* Mask T2 ICC Data */
DFDF52<len><value> /* card type */
F8<len> /*container tag for encryption */
DFDF59<len><val> /* Encrypted Data
Primitive; decrypt data to read tags */
DFDF56<len><val> /* Encrypted Transaction
Data KSN */>
DFDF57<len><val> /* Encrypted Transaction
Data Encryption Type */
DFDF58<len><val> /* # of padding bytes
added to DFDF59 value to force length to a multiple of 8 bytes */
<Padding to force F9 plus padding to be a multiple of 8 bytes>
<Four byte CBC-MAC>
TLV data object F8 is an encrypted data container wrapping the encrypted ARQC message in nested data
object DFDF59, plus supporting information as clear text in other tags.
The device encrypts the Value inside data container DFDF59 using the data variant of the current MSR
DUKPT working key used in the relevant transaction. As a requirement for using the DUKPT TDES
encryption algorithm, the device pads it so the length of its value is a multiple of 8 bytes. The device uses
tag DFDF58 to report how many bytes of tag DFDF59 are padding. DFDF59 contains the following after
the host decrypts it:
FC<len>/* container for encrypted generic data */
F4<len>/* container tag for encrypted MSR
data */
DFDF36 <EncT1status><len><val>
DFDF37 <EncT1data><len><val>